
[WordPress] How to disable the REST API on all sites using WordPress 4.7.0 or 4.7.1.

A severe content injection (privilege escalation) vulnerability in the REST API affects all sites using WordPress 4.7.0 or 4.7.1. This vulnerability allows an unauthenticated user to modify the content of any post or page within a WordPress site.

Copy this code into your theme's functions.php file:

// Disable the REST API to improve WordPress 4.7.0 / 4.7.1 security.
// Returning a WP_Error from this filter rejects every REST request.
add_filter('rest_authentication_errors', 'disable_rest_access');

function disable_rest_access($access) {
    return new WP_Error(
        'rest_cannot_access',
        'The REST API for WordPress is disabled.',
        array('status' => rest_authorization_required_code())
    );
}
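To confirm the filter is active on a site you administer, the following added example (not part of the original post) sends one unauthenticated request and checks for the `rest_cannot_access` error the snippet returns. The function names, the sample responses and the default `/wp-json/wp/v2/posts` route are assumptions of this example; sites without pretty permalinks expose the same route as `?rest_route=/wp/v2/posts`.

```python
import json
import urllib.error
import urllib.request

# Error code returned by the disable_rest_access() filter shown on this page.
BLOCK_CODE = "rest_cannot_access"


def classify(status, body):
    """Classify one REST response as 'blocked', 'exposed' or 'inconclusive'."""
    try:
        data = json.loads(body)
    except (TypeError, ValueError):
        return "inconclusive"          # HTML error page, proxy, WAF, etc.
    if status in (401, 403) and isinstance(data, dict) \
            and data.get("code") == BLOCK_CODE:
        return "blocked"               # the filter answered the request
    if 200 <= status < 300:
        return "exposed"               # REST API served JSON without auth
    return "inconclusive"


def probe(site, route="/wp-json/wp/v2/posts", timeout=10):
    """Send one unauthenticated GET to a site you administer and classify it."""
    url = site.rstrip("/") + route
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:   # 4xx/5xx still carry a JSON body
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except urllib.error.URLError:
        return "inconclusive"


# Constructed sample responses (not captured from a real site).
SAMPLES = [
    (401, '{"code":"rest_cannot_access","message":"The REST API for '
          'WordPress is disabled.","data":{"status":401}}'),
    (200, '[{"id":1,"title":{"rendered":"Hello world!"}}]'),
    (404, "<html><body>Not Found</body></html>"),
]

if __name__ == "__main__":
    for status, body in SAMPLES:
        print(status, classify(status, body))
```

A result of `exposed` after adding the filter usually means the code went into an inactive theme or a cache is serving the old response.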
